CVS Commit History:
2019-10-23 13:33:38 by Benny Siegert | Files touched by this commit (3)
Log message:
Pullup ticket #6074 - requested by taca
www/ruby-loofah: security fix
Revisions pulled up:
- www/ruby-loofah/Makefile 1.6
- www/ruby-loofah/PLIST 1.5
- www/ruby-loofah/distinfo 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Oct 22 16:24:20 UTC 2019
Modified Files:
pkgsrc/www/ruby-loofah: Makefile PLIST distinfo
Log message:
www/ruby-loofah: update to 2.3.1
## 2.3.1 / 2019-10-22
### Security
Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
This CVE's public notice is at https://github.com/flavorjones/loofah/issues/171
## 2.3.0 / unreleased
### Features
* Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
* Expand set of allowed CSS functions. [related to #122]
* Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
* Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!)
* Allow CSS keywords `thick` and `thin` [#168] (Thanks, @georgeclaghorn!)
* Allow HTML property `contenteditable` [#167] (Thanks, @andreynering!)
### Bug fixes
* CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. [#165] (Thanks, @asok!)
### Deprecations / Name Changes
The following method and constants are hereby deprecated, and will be completely removed in a future release:
* Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use `Loofah::Helpers::ActionView.safe_list_sanitizer` instead.
* Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use `Loofah::Helpers::ActionView::SafeListSanitizer` instead.
* Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` instead.
Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.